Protecting CLEAR's 4G wireless network with RADIUS

CLEAR is popular 4G wireless internet provider in the United States. It provides internet connectivity by using a 4G wireless modem that also acts as a wireless access point. Unfortunately, currently, the safest supported wireless security mode is only the WPA2-PSK. In this post we describe procedure of securing CLEAR’s wireless network with better, RADIUS powered, WPA2-Enterprise security mode.

Firstly, we access modem’s administration interface by opening http://192.168.15.1 from a web browser. After successful authentication, modem welcomes us with the following Welcome screen.

As you can see in the picture above, this modem supports authentication only with the pre-shared keys and not more secure WPA2-Enterprise mode. For WPA2-Enterprise, it is necessary to add another wireless router, to create new RADIUS powered wireless network.

Connecting TP-Link router to CLEAR’s modem

CLEAR will remain our provider of internet connectivity and we connect the TP-Link router to the modem with provided Ethernet cable and turn the router on. It is important to plug the Ethernet cable into the blue network port (uplink).

Next, we connect computer to new wireless network provided by TP-Link and follow initial configuration instructions. During this procedure, the router will ask to enter a PIN number, that is printed on the sticker on the bottom side of the router.

In next step, we select the Wireless Security type. At this moment, not all security options are available, so we select the WPA2-PSK security mode, type in some temporary pre-shared key and finish this configuration.

Creating virtual RADIUS server and user’s accounts

Now, let’s go to https://console.ironwifi.com to define our Network and create accounts for our Users. After signing in, all we have to do is follow Configuration Wizard, which provides all required information in the last page’s summary. We keep this page open, so we can use the values in next step.

Configuring TP-Link router to use WPA2-Enterprise security mode

Let’s go back to the TP-Link router to change wireless security settings. TP-Link’s web administration interface is available at http://192.168.0.1, and it will prompt to enter default credentials; username is admin and password is admin too.

After accessing the Wireless Security Settings, we switch the Wireless Security type to WPA/WPA2 and enter information from the IronWifi Console – the RADIUS server IP address, Port, and Shared Secret.

Finally, save new settings and restart router.

Connecting with user’s credentials

Finally we connect our client devices to the new Protected Wireless Network using user’s credentials defined in Console. For us it works like a charm, but if you still have connecting issues, please follow our documentation for your specific platform.